Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

Example CodeSystem/permission-rule-combining (Turtle)

Security Work GroupMaturity Level: N/AStandards Status: Informative

Raw Turtle (+ also see Turtle/RDF Format Specification)

Definition for Code SystemPermissionRuleCombining

@prefix fhir: <http://hl7.org/fhir/> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .

# - resource -------------------------------------------------------------------

[] a fhir:CodeSystem;
  fhir:Resource.id [ fhir:value "permission-rule-combining"];
  fhir:Resource.meta [
     fhir:Meta.lastUpdated [ fhir:value "2022-09-10T05:52:37.223+11:00" ];
     fhir:Meta.profile [ fhir:value "http://hl7.org/fhir/StructureDefinition/shareablecodesystem" ]
  ];
  fhir:DomainResource.text [
     fhir:Narrative.status [ fhir:value "generated" ]
  ];
  fhir:DomainResource.extension [
     fhir:Extension.url [ fhir:value "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg" ];
     fhir:Extension.value [ fhir:value "sec" ]
  ], [
     fhir:Extension.url [ fhir:value "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status" ];
     fhir:Extension.value [ fhir:value "trial-use" ]
  ], [
     fhir:Extension.url [ fhir:value "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm" ];
     fhir:Extension.value [ fhir:value "0" ]
  ];
  fhir:CanonicalResource.url [ fhir:value "http://hl7.org/fhir/permission-rule-combining"];
  fhir:CanonicalResource.identifier [
     fhir:Identifier.system [ fhir:value "urn:ietf:rfc:3986" ];
     fhir:Identifier.value [ fhir:value "urn:oid:2.16.840.1.113883.4.642.4.2070" ]
  ];
  fhir:CanonicalResource.version [ fhir:value "5.0.0-ballot"];
  fhir:CanonicalResource.name [ fhir:value "PermissionRuleCombining"];
  fhir:CanonicalResource.title [ fhir:value "PermissionRuleCombining"];
  fhir:CanonicalResource.status [ fhir:value "draft"];
  fhir:CanonicalResource.experimental [ fhir:value "false"];
  fhir:CanonicalResource.date [ fhir:value "2022-08-05T10:01:24+11:00"];
  fhir:CanonicalResource.publisher [ fhir:value "HL7 (FHIR Project)"];
  fhir:CanonicalResource.contact [
     fhir:ContactDetail.telecom [
       fhir:ContactPoint.system [ fhir:value "url" ];
       fhir:ContactPoint.value [ fhir:value "http://hl7.org/fhir" ]
     ], [
       fhir:ContactPoint.system [ fhir:value "email" ];
       fhir:ContactPoint.value [ fhir:value "fhir@lists.hl7.org" ]
     ]
  ];
  fhir:CanonicalResource.description [ fhir:value "Codes identifying the rule combining. See XACML Combining algorithms  http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"];
  fhir:CodeSystem.url [ fhir:value "http://hl7.org/fhir/permission-rule-combining"];
  fhir:CodeSystem.identifier [
     fhir:Identifier.system [ fhir:value "urn:ietf:rfc:3986" ];
     fhir:Identifier.value [ fhir:value "urn:oid:2.16.840.1.113883.4.642.4.2070" ]
  ];
  fhir:CodeSystem.version [ fhir:value "5.0.0-ballot"];
  fhir:CodeSystem.name [ fhir:value "PermissionRuleCombining"];
  fhir:CodeSystem.title [ fhir:value "PermissionRuleCombining"];
  fhir:CodeSystem.status [ fhir:value "draft"];
  fhir:CodeSystem.experimental [ fhir:value "false"];
  fhir:CodeSystem.date [ fhir:value "2022-08-05T10:01:24+11:00"];
  fhir:CodeSystem.publisher [ fhir:value "HL7 (FHIR Project)"];
  fhir:CodeSystem.contact [
     fhir:ContactDetail.telecom [
       fhir:ContactPoint.system [ fhir:value "url" ];
       fhir:ContactPoint.value [ fhir:value "http://hl7.org/fhir" ]
     ], [
       fhir:ContactPoint.system [ fhir:value "email" ];
       fhir:ContactPoint.value [ fhir:value "fhir@lists.hl7.org" ]
     ]
  ];
  fhir:CodeSystem.description [ fhir:value "Codes identifying the rule combining. See XACML Combining algorithms  http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html"];
  fhir:CodeSystem.caseSensitive [ fhir:value "true"];
  fhir:CodeSystem.content [ fhir:value "complete"];
  fhir:CodeSystem.concept [
     fhir:ConceptDefinitionComponent.code [ fhir:value "deny-overrides" ];
     fhir:ConceptDefinitionComponent.display [ fhir:value "Deny-overrides" ];
     fhir:ConceptDefinitionComponent.definition [ fhir:value "The deny overrides combining algorithm is intended for those cases where a deny decision should have priority over a permit decision." ]
  ], [
     fhir:ConceptDefinitionComponent.code [ fhir:value "permit-overrides" ];
     fhir:ConceptDefinitionComponent.display [ fhir:value "Permit-overrides" ];
     fhir:ConceptDefinitionComponent.definition [ fhir:value "The permit overrides combining algorithm is intended for those cases where a permit decision should have priority over a deny decision." ]
  ], [
     fhir:ConceptDefinitionComponent.code [ fhir:value "ordered-deny-overrides" ];
     fhir:ConceptDefinitionComponent.display [ fhir:value "Ordered-deny-overrides" ];
     fhir:ConceptDefinitionComponent.definition [ fhir:value "The behavior of this algorithm is identical to that of the “Deny-overrides” rule-combining algorithm with one exception.  The order in which the collection of rules is evaluated SHALL match the order as listed in the permission." ]
  ], [
     fhir:ConceptDefinitionComponent.code [ fhir:value "ordered-permit-overrides" ];
     fhir:ConceptDefinitionComponent.display [ fhir:value "Ordered-permit-overrides" ];
     fhir:ConceptDefinitionComponent.definition [ fhir:value "The behavior of this algorithm is identical to that of the “Permit-overrides” rule-combining algorithm with one exception.  The order in which the collection of rules is evaluated SHALL match the order as listed in the permission." ]
  ], [
     fhir:ConceptDefinitionComponent.code [ fhir:value "deny-unless-permit" ];
     fhir:ConceptDefinitionComponent.display [ fhir:value "Deny-unless-permit" ];
     fhir:ConceptDefinitionComponent.definition [ fhir:value "The “Deny-unless-permit” combining algorithm is intended for those cases where a permit decision should have priority over a deny decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result." ]
  ], [
     fhir:ConceptDefinitionComponent.code [ fhir:value "permit-unless-deny" ];
     fhir:ConceptDefinitionComponent.display [ fhir:value "Permit-unless-deny" ];
     fhir:ConceptDefinitionComponent.definition [ fhir:value "The “Permit-unless-deny” combining algorithm is intended for those cases where a deny decision should have priority over a permit decision, and an “Indeterminate” or “NotApplicable” must never be the result. It is particularly useful at the top level in a policy structure to ensure that a PDP will always return a definite “Permit” or “Deny” result. This algorithm has the following behavior." ]
  ] .

# -------------------------------------------------------------------------------------


Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.